[COMMIT]refpolicy branch, master, updated. RELEASE_2_20120215-43-g278ac79
Reference Policy commits mail list
refpolicy-commits at oss.tresys.com
Fri May 4 09:29:04 CDT 2012
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "refpolicy".
The branch, master has been updated
via 278ac79c081b12c9ec3f4c0fc32b3538f5fd25c2 (commit)
via d36c428425ba88ace505fa511ce8418b50edb49f (commit)
via 7b6fe9c1a57a1b40a7c1e45026d169b18263591f (commit)
via ee62c913455b2249a164b087cf1c743c627d2171 (commit)
via 1c5de3ddf5b03627705e9567b33dac2e5f92acbe (commit)
from b72101a1162b6e2c29bb9d65abf6dd84a813ae6d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 278ac79c081b12c9ec3f4c0fc32b3538f5fd25c2
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri May 4 11:20:33 2012 -0400
Module version bump for http_cache port update from Sven Vermeulen.
commit d36c428425ba88ace505fa511ce8418b50edb49f
Author: Sven Vermeulen <sven.vermeulen at siphos.be>
Date: Tue May 1 10:37:20 2012 +0200
Mark tcp:3128 as http_cache_port_t
Port 3128 is the default port for squid cache
Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
commit 7b6fe9c1a57a1b40a7c1e45026d169b18263591f
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri May 4 10:49:11 2012 -0400
Module version bump for syslog-ng and lvm patches from Sven Vermeulen.
commit ee62c913455b2249a164b087cf1c743c627d2171
Author: Sven Vermeulen <sven.vermeulen at siphos.be>
Date: Tue May 1 10:23:10 2012 +0200
Recent lvm utilities now use setfscreate
Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
commit 1c5de3ddf5b03627705e9567b33dac2e5f92acbe
Author: Sven Vermeulen <sven.vermeulen at siphos.be>
Date: Tue May 1 10:13:14 2012 +0200
Allow getsched for syslog-ng
Recent syslog-ng implementation uses a threading library that requires the getsched permission.
See also https://bugs.gentoo.org/show_bug.cgi?id=405425
Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
-----------------------------------------------------------------------
Summary of changes:
policy/modules/kernel/corenetwork.te.in | 4 ++--
policy/modules/system/logging.te | 5 +++--
policy/modules/system/lvm.te | 4 ++--
3 files changed, 7 insertions(+), 6 deletions(-)
Detailed diffset:
:100644 100644 e50dfed... 97978e3... M policy/modules/kernel/corenetwork.te.in
:100644 100644 ebc216c... 8ea7fdb... M policy/modules/system/logging.te
:100644 100644 6a87211... 7b6bcb9... M policy/modules/system/lvm.te
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index e50dfed..97978e3 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,4 +1,4 @@
-policy_module(corenetwork, 1.17.0)
+policy_module(corenetwork, 1.17.1)
########################################
#
@@ -125,7 +125,7 @@ network_port(hddtemp, tcp,7634,s0)
network_port(howl, tcp,5335,s0, udp,5353,s0)
network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port
-network_port(http_cache, udp,3130,s0, tcp,8080,s0, tcp,8118,s0, tcp,10001-10010,s0) # 8118 is for privoxy
+network_port(http_cache, tcp,3128,s0, udp,3130,s0, tcp,8080,s0, tcp,8118,s0, tcp,10001-10010,s0) # 8118 is for privoxy
network_port(i18n_input, tcp,9010,s0)
network_port(imaze, tcp,5323,s0, udp,5323,s0)
network_port(inetd_child, tcp,1,s0, udp,1,s0, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0)
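Review bot: The trailing comment on the `network_port(http_cache, ...)` line still explains only 8118, so the reason tcp 3128 is listed lives only in the commit message; I would extend it to `# 3128 is the squid default, 8118 is for privoxy`. Relabelling a port also shifts access in both directions: every domain already allowed to bind or connect to http_cache_port_t now gets tcp 3128 as well, and any domain that reached 3128 only through the generic port types will presumably start seeing denials. It is worth checking the audit log after the policy load for name_bind and name_connect denials on 3128.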
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index ebc216c..8ea7fdb 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -1,4 +1,4 @@
-policy_module(logging, 1.18.0)
+policy_module(logging, 1.18.1)
########################################
#
@@ -358,7 +358,8 @@ allow syslogd_t self:capability { dac_override sys_resource sys_tty_config net_a
dontaudit syslogd_t self:capability sys_tty_config;
# setpgid for metalog
# setrlimit for syslog-ng
-allow syslogd_t self:process { signal_perms setpgid setrlimit };
+# getsched for syslog-ng
+allow syslogd_t self:process { signal_perms setpgid setrlimit getsched };
# receive messages to be logged
allow syslogd_t self:unix_dgram_socket create_socket_perms;
allow syslogd_t self:unix_stream_socket create_stream_socket_perms;
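Review bot: The new comment `# getsched for syslog-ng` says who needs the permission but not why, and the rationale (a threading library, Gentoo bug 405425) is recorded only in the commit message; something like `# getsched for syslog-ng (threading library, gentoo bug 405425)` would keep it next to the rule. The grant applies to every daemon that runs as syslogd_t, not only syslog-ng, which looks acceptable for a read-only query on self but is worth stating. The rest of the syslogd_t rule block lies outside the hunk.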
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
index 6a87211..7b6bcb9 100644
--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -1,4 +1,4 @@
-policy_module(lvm, 1.13.0)
+policy_module(lvm, 1.13.1)
########################################
#
@@ -167,7 +167,7 @@ optional_policy(`
# net_admin for multipath
allow lvm_t self:capability { dac_override fowner ipc_lock sys_admin sys_nice mknod chown sys_resource sys_rawio net_admin };
dontaudit lvm_t self:capability sys_tty_config;
-allow lvm_t self:process { sigchld sigkill sigstop signull signal };
+allow lvm_t self:process { sigchld sigkill sigstop signull signal setfscreate };
# LVM will complain a lot if it cannot set its priority.
allow lvm_t self:process setsched;
allow lvm_t self:file rw_file_perms;
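Review bot: `setfscreate` is added to the `allow lvm_t self:process` line with no comment, while the neighbouring rules each carry one (`# net_admin for multipath`, the setsched note); add e.g. `# setfscreate: recent lvm utilities set the context of files they create`. Unlike the signal permissions it sits beside, setfscreate lets lvm_t request a label for new objects instead of taking the default type transition, so the effective limit becomes the set of types lvm_t is allowed to create. That set is not visible in this hunk and should be reviewed alongside the change, given that lvm_t also holds dac_override, sys_admin and sys_rawio on the line above. The enclosing block starts and ends outside the hunk.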
hooks/post-receive
--
refpolicy